1. 首頁
  2. 問答
  3. 跳過一個錯誤檢查if if else語句

跳過一個錯誤檢查if if else語句

2013-07-29 68 views
1

我在使用if else語句的程序中檢查了這個錯誤。我有兩件事要檢查。他們是跳過一個錯誤檢查if if else語句

  1. PoliceID(PK)

  2. 身份證

下面檢查語句如果文本框有PoliceID和身份證號碼相同的值在數據庫中。

if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim()))) 
       { 

        lbmsg.Text = "This police account has already exist. Please verify the details again."; 

       }

如果文本框(police id)與數據庫中的值相同,它們會給出另一個不同的錯誤。

if (tbpid.Text.Equals(dr["policeid"].ToString())) 
       { 
        lbmsg.Text = "This police ID has already exists. Please generate another Police ID"; 
       }

如果文本框(身份證)具有相同的值在數據庫中,他們會給另一個錯誤

if (tbnric.Text.Equals(dr["nric"].ToString())) 
       { 
        lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct"; 
       }

如果我是所有錯誤校驗信息結合在一起會是這樣的。

protected void btnAdd_Click(object sender, EventArgs e) 
    { 



      SqlConnection con = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI"); 
      con.Open(); 
      SqlCommand select = new SqlCommand("Select policeid, nric from PoliceAccount where policeid = @policeid" , con); 
      SqlDataReader dr; 

      select.Parameters.AddWithValue("@policeid", tbpid.Text);    

      dr = select.ExecuteReader(); 
      if(dr.Read()) 
      { 
       if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim()))) 
       { 

        lbmsg.Text = "This police account has already exist. Please verify the details again."; 

       } 
       else if (tbpid.Text.Equals(dr["policeid"].ToString())) 
       { 
        lbmsg.Text = "This police ID has already exists. Please generate another Police ID"; 
       } 
       else if (tbnric.Text.Equals(dr["nric"].ToString())) 
       { 
        lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct"; 
       } 

      } 

      else 
      { 

       SqlConnection conn = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI"); 
       conn.Open(); 
       SqlCommand cmd = new SqlCommand("insert into PoliceAccount(policeid, password, nric, fullname, postedto) values('" + tbpid.Text.Trim() + "','" + tbpid.Text.Trim() + "','" + tbnric.Text.Trim() + "','" + tbfullname.Text.Trim() + "', '" + ddllocation.SelectedValue + "')", conn); 
       cmd.ExecuteNonQuery(); 
       conn.Close(); 

       lbmsg.Text = "Congratulations. The police account of ID " + tbpid.Text + " has been successfully added. You may edit the profile via the edit profile tab above"; 

       tbpid.Text = ""; 
       tbnric.Text = ""; 
       tbfullname.Text = ""; 
       ddllocation.SelectedValue = "Select Location"; 


      } 

      //ConfirmButtonExtender2.ConfirmText = "Are you sure you want to add this Police Account " + tbpid.Text + " ?"; 
     } 

    }

但是,這裏的問題是錯誤檢查消息的前兩個語句設法工作。不幸的是,這個NRIC不起作用。例如,如果我要輸入不同的policeID但是相同的NRIC,數據仍然被插入到數據庫中,這意味着它完全忽略了上面的NRIC錯誤檢查。我一直在看它幾個小時,我還沒有找到問題。如果有人能指導我這一點,將不勝感激。

要添加的,在我的數據庫,我已經把我的主鍵policeID身份證只是在我的數據庫

問候一個常規數據列

來源

2013-07-29 Teo Chuen Wei Bryan

+0

你讓我難過。你的代碼對於sql注入非常脆弱,你應該考慮修復它。 – Peter

+0

我知道所謂的SQL注入,但我目前主要關心的不是那個。我仍然試圖做一個只能由我使用的簡單應用程序。至於安全方面,完成我的項目後,我一定會考慮。不過謝謝你的關心。 –

+1

@TeoChuenWeiBryan閱讀下面的答案我確定它會幫助你? –

回答

1

,因爲查詢

Select policeid, nric from PoliceAccount where [email protected] 因爲ploiceid不存在手段dr.Read()是假的,因爲沒有行讀這將不返回任何行的最後一個沒有工作,所以它會直接在其他部分在數據庫中插入數據的位置。所以讓它工作。嘗試像這樣...

if(dr.Read()) 
      { 
       if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim()))) 
       { 

        lbmsg.Text = "This police account has already exist. Please verify the details again."; 

       } 
       else if (tbpid.Text.Equals(dr["policeid"].ToString())) 
       { 
        lbmsg.Text = "This police ID has already exists. Please generate another Police ID"; 
       } 
      } 

      else 
      { 
if (tbnric.Text.Equals(dr["nric"].ToString())) 
       { 
        lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct"; 
       } 
else 
{ 

       SqlConnection conn = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI"); 
       conn.Open(); 
       SqlCommand cmd = new SqlCommand("insert into PoliceAccount(policeid, password, nric, fullname, postedto) values('" + tbpid.Text.Trim() + "','" + tbpid.Text.Trim() + "','" + tbnric.Text.Trim() + "','" + tbfullname.Text.Trim() + "', '" + ddllocation.SelectedValue + "')", conn); 
       cmd.ExecuteNonQuery(); 
       conn.Close(); 

       lbmsg.Text = "Congratulations. The police account of ID " + tbpid.Text + " has been successfully added. You may edit the profile via the edit profile tab above"; 

       tbpid.Text = ""; 
       tbnric.Text = ""; 
       tbfullname.Text = ""; 
       ddllocation.SelectedValue = "Select Location"; 
} 
}

爲了使現有的代碼工作嘗試此查詢

Select policeid, nric from PoliceAccount where [email protected] or [email protected]

總是返回行,如果在數據庫中存在的一個ID,如果兩人都沒有超過它插入數據庫。

來源

2013-07-29 07:10:56

+0

其實一切都很好。你在下面給出的SQL語句是正確的。最初我把'policeid = @ policeid和nric = @ nric'放在哪裏,把''和'改成''或'後可以工作。謝謝! –

+1

@TeoChuenWeiBryan您的熱烈歡迎... –

1

您的選擇語句似乎是問題所在。看起來你希望nric是獨一無二的,但是你並沒有在你的select語句的where子句中使用它。你現在擁有的方式,只要警察是獨一無二的,任何nric值都可以。換句話說,如果前兩個檢查通過,那麼第三個檢查也會。試試這個:

SqlCommand select = new SqlCommand("Select policeid, nric from PoliceAccount where policeid = @policeid or nric = @nric" , con); 
SqlDataReader dr; 

select.Parameters.AddWithValue("@policeid", tbpid.Text); 
select.Parameters.AddWithValue("@nric", tbnric.Text); 

dr = select.ExecuteReader();

但是,如果你不想身份證號碼是唯一的,那麼你的代碼工作正常!

來源

2013-07-29 07:22:09

相關問題

 相關問題